Privacy Policy
This policy explains what AIXIA collects, why, and what you can do about it. It covers the public site at realaixia.com, the product behind the sign-in, and any marketing emails we send.
We're an early-stage company. The policy is written in plain English. If something is unclear, email us and we'll explain.
1. Who we are
AIXIA is a product operated by JayKay (sole proprietor, United States). For privacy purposes we are the data controller for information you give us directly on this website.
Contact for privacy questions: privacy@realaixia.com.
2. What we collect and why
We only collect what we need. As of the date above:
- Your email address, when you join the waitlist. We use it to tell you when AIXIA opens up and to send occasional updates about the launch. Nothing else.
- A timestamp of when you consented, and a one-way hash of your IP address and browser user-agent. We use the hashes to detect abuse (signup bots, duplicate fraud). We never see your real IP or user-agent after the hash runs.
- Account data (email, hashed password or Google account ID), once you sign in to the product. Handled by Supabase on our behalf.
- Content you paste into AIXIA (YouTube URLs, competitor URLs, documents, ideas) — used only to generate your requested output. We do not train any models on your content.
- Proof Graph and Blueprint records — source-lineage metadata, decisions, Blueprint revisions, fork history, and outcome claims are stored in account-scoped files on AIXIA's Railway-hosted server. They are not stored only on your device.
- Public Gallery data — only when you explicitly publish a Blueprint: its exact previewed snapshot, optional display name, publication time, fork count, shipped-claim count, and content-rights confirmation. Raw Vault files and private Proof Graph source nodes are not included in the public Gallery record.
- Service logs (requests to our servers, errors, timings) — retained 30 days for debugging and kept out of view of any non-admin.
We do not sell your data. We do not rent it. We do not run third-party ad trackers, tracking pixels, or analytics that share data with advertisers.
3. Legal basis (if you're in the EU/UK)
- Consent — for sending you marketing emails. You gave this by submitting the waitlist form. You can withdraw it at any time (see below).
- Legitimate interest — for abuse detection via hashed IP/UA and for keeping basic service logs. Our interest here is keeping the service secure and functional; we balance that against your privacy by only storing one-way hashes and rotating logs after 30 days.
- Contract — once you're signed in to the product, processing your inputs is necessary to deliver the service you asked for.
4. Who we share data with
We use a small number of processors. Each is contractually required to handle your data only to deliver their part of the service:
- Supabase (database + auth) — stores your waitlist record and any account you create. US region by default.
- Railway (hosting) — runs the AIXIA server.
- Anthropic, Google (Gemini), and other AI providers — process the content you submit to generate output. Providers' own privacy terms apply to content we route to them. We configure API-level opt-outs from training where available.
- Email sending provider — to send you the emails you asked for. We will name the specific vendor in this section once we start sending emails (currently pre-launch).
We do not share your data with anyone else. We do not sell your data under CCPA's definition of "sale."
5. How long we keep it
- Waitlist email: until you unsubscribe, request deletion, or AIXIA shuts down — whichever comes first.
- Consent hashes (IP/UA): same as above, unless you request deletion.
- Service logs: 30 days.
- Account data and private content: for the life of the account. Deleting your account deletes your private content within 30 days, except what we're required to retain for legal/tax reasons.
- Published Blueprints: until you unpublish or delete the account. Unpublishing removes AIXIA's public listing, but cannot recall copies another user already forked or exported. Fork lineage retains attribution to the original public slug.
6. Your rights
Regardless of where you live, you have the right to:
- Access — ask what we have about you.
- Correction — fix anything that's wrong.
- Deletion — ask us to remove your data.
- Portability — get a copy in a machine-readable format.
- Withdraw consent — stop marketing emails at any time using the one-click unsubscribe in any email, or by emailing us.
- Object — object to processing based on legitimate interest.
If you're in California, CCPA/CPRA additionally gives you the right to know the categories of personal information we collect (listed in section 2 above) and the right to non-discrimination for exercising privacy rights. We honor these for all users, not just California residents.
To exercise any of these, email privacy@realaixia.com from the address we have on file. We respond within 30 days.
7. Cross-border transfers
AIXIA operates from the United States. If you're in the EU/UK/Switzerland, your data is transferred to the US when you use the site. We rely on Standard Contractual Clauses (SCCs) with our processors where applicable.
8. Cookies and local storage
The public landing page uses essentially no cookies. We use localStorage to remember your Motion and Shader preferences and theme (dark/light). Supabase Auth stores the signed-in browser session using its browser storage/session mechanisms. No tracking or ad cookies are used.
9. Children
AIXIA is not directed to children under 16. If you believe a child has given us personal information, email us and we'll delete it.
10. Security
We use HTTPS everywhere, keep API keys out of source control, hash passwords via Supabase Auth (bcrypt), and review our compliance posture before any new feature that touches user data. No system is perfectly secure; if we discover a breach affecting your data, we'll notify you without undue delay.
11. Changes to this policy
If we make material changes, we'll update the "Last updated" date at the top and, for significant changes, email everyone on the waitlist. Earlier versions will be preserved in our internal change log.